CVE-2024-53122

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53122

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53122.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53122

Downstream

BELL-CVE-2024-53122

DEBIAN-CVE-2024-53122

DLA-4008-1

OESA-2025-1093

OESA-2025-1097

RHSA-2025:0049

RHSA-2025:0050

RHSA-2025:0051

RHSA-2025:0052

RHSA-2025:0053

RHSA-2025:0054

RHSA-2025:0055

RHSA-2025:0056

RHSA-2025:0057

RHSA-2025:0058

RHSA-2025:0059

RHSA-2025:0060

RHSA-2025:0061

RHSA-2025:0062

RHSA-2025:0063

RHSA-2025:0064

RHSA-2025:0065

RHSA-2025:0066

RHSA-2025:0067

RHSA-2025:0109

SUSE-SU-2025:0117-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0229-1

SUSE-SU-2025:0289-1

Related

Published

2024-12-02T14:15:13Z

Modified

2025-08-09T20:01:26Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: cope racing subflow creation in mptcprcvspace_adjust

Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs.

A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcpcleanuprbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones.

Explicitly check that the subflow is in a suitable state before invoking tcpcleanuprbuf().

References

Affected packages